CertNexus Certified Cyber Secure Coder (CSC) — Question 81
A Windows system administrator has received notification from a security analyst regarding new malware that executes under the process name of “armageddon.exe” along with a request to audit all department workstations for its presence. In the absence of GUI-based tools, what command could the administrator execute to complete this task?
Answer options
- A. ps -ef | grep armageddon
- B. top | grep armageddon
- C. wmic process list brief | find “armageddon.exe”
- D. wmic startup list full | find “armageddon.exe”
Correct answer: C
Explanation
The correct command is C, as 'wmic process list brief | find “armageddon.exe”' is specifically designed for Windows systems to list running processes and search for 'armageddon.exe'. Options A and B are commands used in Unix/Linux systems, while option D checks for startup processes rather than currently running ones.